Amazon's recent cloud service outage points out the vulnerability of these types of services, and the importance of having backup plans for data and applications. Amazon’s recent cloud service outage points out the vulnerability of these types of services, and the importance of having backup plans for data and applications.“What this episode demonstrates is that cloud computing does not absolve those responsible for designing and deploying applications from understanding how the dependencies of the underlying platforms impact the availability, resiliency and survivability of their architecture — regardless of how opaque it may be,” says Chris Hoff, director, Cloud & Virtualization Solutions, at Cisco’s Security Technology Business Unit.“As distasteful as the phrase ‘plan for failure’ is to some people, the lesson here is not an unfamiliar one: hope is not a strategy and putting all your eggs in one basket means you may end up with a well-contained omelet. This failure could happen to anyone, using any service deployment or delivery model, internal or external, cloud or otherwise.”More on cloud computing and security Cloud security predictions for 2011Cloud Security Alliance updates controls matrixSurvey finds companies still struggling with cloud securityWhile Amazon is clearly responsible for the failure of service, Hoff says, “so too are those customers who are responsible for delivering service based on AWS, and not appropriately planning for a failure when options are available to do so. Ultimately, it’s the customers who own their availability, not a single provider, regardless of how reliable they may be.”The outage “underscores the importance of taking a broad risk management approach to adopting cloud computing, and the shared responsibility that exists between customer and provider in infrastructure as a service,” says Jim Reavis, executive director of the Cloud Security Alliance (CSA). “Customers with high availability requirements for their cloud application need to consider a basic virtual machine instance as a single point of failure, the same way one would view a single hard drive,” Reavis adds. “It is then important to explore the additional redundancy services you can get from your chosen provider or develop a systems architecture that can tolerate failure of a single cloud component. You can even build applications to fail over to a second or third cloud provider.”Reavis says CSA uses several cloud providers, including Amazon. “We did not experience downtime in our AWS usage because of the redundancy we built into the application architecture,” he says. Related content feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO CSO and CISO C-Suite news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry news UK data regulator warns that data breaches put abuse victims’ lives at risk The UK Information Commissioner’s Office has reprimanded seven organizations in the past 14 months for data breaches affecting victims of domestic abuse. By Michael Hill Sep 28, 2023 3 mins Electronic Health Records Data Breach Government news EchoMark releases watermarking solution to secure private communications, detect insider threats Enterprise-grade software embeds AI-driven, forensic watermarking in emails and documents to pinpoint potential insider risks By Michael Hill Sep 28, 2023 4 mins Communications Security Threat and Vulnerability Management Security Software Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe